What is a Packet Sniffer and How Does It Work?

A packet sniffer is a tool used by network administrators to monitor the data transmitted over a network. Packet sniffers are used for network management and network security, but they can also be used by unauthorized users to steal information from a network. Hackers often use packet sniffers because they are very difficult to detect and can be installed in almost any location on the network.

How a Packet Sniffer Works

A packet sniffer can view a wide variety of information transmitted over the network, as well as over any network it is linked to. Packet sniffers exist as software or hardware. They can capture both inbound and outbound network traffic and can monitor user names, passwords, and other sensitive information. A packet sniffer lets you set the network interface to view all of the information transmitted over the network (a setting commonly called promiscuous mode). As data passes through the system, it is captured and stored in memory so that it can be analyzed.

The name comes from how the tool differs from normal computer usage, in which an individual computer inspects only the packets of data that match its own address. A packet sniffer, by contrast, can examine the data from all of the computers connected to the network by viewing every packet sent over it. A packet sniffer that has been installed on the network is capable of examining all of your email contacts, email messages, downloaded files, Web sites you visited, and all of your audio and video activity.

Why Packet Sniffers Are Used

Packet sniffers are used for both legal and illegal activity. A legal packet sniffer is a commercial device used to assist with network management and maintenance and to provide network security. It is also used as a diagnostic tool for network backup systems and to examine the network system for any security breaches.

An illegal packet sniffer is used by a hacker to gain unauthorized access to sensitive information and data on a network. An illegal packet sniffer is installed without the knowledge of the IT administrator and hides in different areas of the network for the purpose of spying on and stealing the information packets that pass over the network.

Types of Packet Sniffing

There are basically three types of packet sniffing:

  • ARP Sniffing: ARP sniffing involves information packets that are sent to the administrator by way of the ARP caches of both network hosts. Instead of the network traffic going to the two hosts, it is forwarded directly to the administrator.
  • IP Sniffing: IP sniffing works through the network card by sniffing all of the information packets that match the IP address filter. This allows the sniffer to capture all of those packets for analysis and examination.
  • MAC Sniffing: MAC sniffing also works through a network card, which allows the device to sniff all of the information packets that match the MAC address filter.
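
The address matching described above, as an added example (not code from the original article): it decodes a constructed Ethernet/IPv4 frame offline, then applies a network card's normal destination check and a MAC or IP address filter. The function names and sample addresses are assumptions made for illustration.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    """Format 6 raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode the Ethernet header and, for IPv4 payloads, the IP addresses."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype == 0x0800:  # IPv4
        ip = frame[14:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            raise ValueError("malformed IPv4 header")
        info["src_ip"] = socket.inet_ntoa(ip[12:16])
        info["dst_ip"] = socket.inet_ntoa(ip[16:20])
        info["proto"] = ip[9]  # 6 = TCP, 17 = UDP
    return info

def nic_accepts(info, own_mac, promiscuous=False):
    """Normal card: own MAC or broadcast only (multicast ignored). Sniffing: all."""
    return promiscuous or info["dst_mac"] in (own_mac, BROADCAST)

def matches_filter(info, mac=None, ip=None):
    """MAC/IP address filter: keep a frame if either endpoint matches."""
    if mac is not None and mac not in (info["src_mac"], info["dst_mac"]):
        return False
    if ip is not None and ip not in (info.get("src_ip"), info.get("dst_ip")):
        return False
    return True

def build_sample():
    """Constructed frame: 02:..:0a -> 02:..:0b, 192.0.2.10 -> 192.0.2.20, TCP."""
    eth = bytes.fromhex("02000000000b" "02000000000a" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return eth + ip

if __name__ == "__main__":
    info = parse_frame(build_sample())
    print(info)
    print("third host, normal mode:", nic_accepts(info, "02:00:00:00:00:0c"))
    print("third host, sniffing:  ", nic_accepts(info, "02:00:00:00:00:0c", True))
```

The third host's card discards the frame in normal mode and accepts it only when the interface is set to view all traffic, which is why an interface left in that state on a machine that has no monitoring role is worth investigating.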

With the advent of wireless Internet, more and more computer users are entering the world of cyberspace.

Yet, while these users are well aware of the importance of protecting their computers when hooked up to regular Internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that the same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when on wireless is more important than ever before.